// This tool can be used to verify that a guardian is properly receiving CCQ queries and publishing responses.

// This tool can be used to passively listen for query responses from any guardian:
//    go run ccqlistener.go --env mainnet --listenOnly
//
// Or it can be used to passively listen for query responses from a particular guardian:
//    go run ccqlistener.go --env mainnet --listenOnly --targetPeerId <yourGuardianP2pPeerId>
//
// This should work both in mainnet and testnet because there are routine monitoring queries running every few minutes.
// Note that you may need to wait 15 minutes or more to see something. Look for message saying "query response received".

// This tool can also be used to generate a simple query request, send it and wait for the response. Note that this takes
// considerable more set up, as the P2P ID and signing key of this tool must be defined here and configured on the guardian.
//
// To use this tool to generate a query, you need two local files:
//    ./ccqlistener.nodeKey - This file contains the P2P peer ID to be used. If the file does not exist, it will be created.
//    ./ccqlistener.signerKey - This file contains the key used to sign the request. It must exist.
//
// If the nodeKey file does not exist, it will be generated. The log output will print the peerID in the "Test started" line.
// That peerID must be included in the `ccqAllowedPeers` parameter on the guardian.
//
// The signerKey file can be generated by doing: guardiand keygen --block-type "CCQ SERVER SIGNING KEY" /path/to/key/file
// The generated key (which is listed as the `PublicKey` in the file) must be included in the `ccqAllowedRequesters` parameter on the guardian.
//
// To run this tool, do `go run ccqlistener.go`
//
// - Look for the line saying "Signing key loaded" and confirm the public key matches what is configured on the guardian.
// - Look for the "Test started" and confirm that the peer ID matches what is configured on the guardian.
// - You should see a line saying "Waiting for peers". If you do not, then the test is unable to bootstrap with any guardians.
// - After a few minutes, you should see a message saying "Got peers". If you do not, then test is unable to communicate with any guardians.
// - After this, the test runs, and you should eventually see "Success! Test passed"
//
// To run the tool as a docker image, you can do something like this:
// - wormhole$ docker build --target build -f node/hack/query/ccqlistener/Dockerfile -t ccqlistener .
// - wormhole$ docker run -v /ccqlistener/cfg:/app/cfg ccqlistener /ccqlistener --env mainnet --configDir /app/cfg
// Where /ccqlistener is a directory containing these files:
// - ccqlistener.nodeKey
// - ccqlistener.signerKey

package main

import (
	"bytes"
	"context"
	"crypto/ecdsa"
	"encoding/hex"
	"flag"
	"fmt"
	"os"
	"os/signal"
	"strings"
	"syscall"
	"time"

	"github.com/certusone/wormhole/node/hack/query/utils"
	"github.com/certusone/wormhole/node/pkg/common"
	"github.com/certusone/wormhole/node/pkg/p2p"
	gossipv1 "github.com/certusone/wormhole/node/pkg/proto/gossip/v1"
	"github.com/certusone/wormhole/node/pkg/query"
	"github.com/certusone/wormhole/node/pkg/random"
	"github.com/ethereum/go-ethereum/accounts/abi"
	"github.com/ethereum/go-ethereum/common/hexutil"
	ethCrypto "github.com/ethereum/go-ethereum/crypto"
	pubsub "github.com/libp2p/go-libp2p-pubsub"
	"github.com/libp2p/go-libp2p/core/crypto"
	"go.uber.org/zap"
	"google.golang.org/protobuf/proto"
)

var (
	envStr        = flag.String("env", "", `environment (may be "testnet" or "mainnet", required unless "--bootstrap" is specified)`)
	p2pNetworkID  = flag.String("network", "", "P2P network identifier (optional, overrides default, required for devnet)")
	p2pPort       = flag.Int("port", 8998, "P2P UDP listener port")
	p2pBootstrap  = flag.String("bootstrap", "", "P2P bootstrap peers (optional, overrides default)")
	nodeKeyPath   = flag.String("nodeKey", "ccqlistener.nodeKey", "Path to node key (will be generated if it doesn't exist)")
	signerKeyPath = flag.String("signerKey", "ccqlistener.signerKey", "Path to key used to sign unsigned queries")
	configDir     = flag.String("configDir", ".", "Directory where nodeKey and signerKey are loaded from (default is .)")
	listenOnly    = flag.Bool("listenOnly", false, "Only listen for responses, don't publish anything (default is false)")
	targetPeerId  = flag.String("targetPeerId", "", "Only process responses from this peer ID (default is everything)")
)

func main() {

	//
	// BEGIN SETUP
	//

	flag.Parse()

	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()
	logger, _ := zap.NewDevelopment()

	if *envStr != "" {
		// If they specify --env then use the defaults for the network parameters and don't allow them to override them.
		if *p2pNetworkID != "" || *p2pBootstrap != "" {
			logger.Fatal(`If "--env" is specified, "--network" and "--bootstrap" may not be specified`)
		}
		env, err := common.ParseEnvironment(*envStr)
		if err != nil || (env != common.MainNet && env != common.TestNet) {
			logger.Fatal(`Invalid value for "--env", should be "mainnet" or "testnet"`)
		}
		*p2pNetworkID = p2p.GetNetworkId(env)
		*p2pBootstrap, err = p2p.GetCcqBootstrapPeers(env)
		if err != nil {
			logger.Fatal("failed to determine p2p bootstrap peers", zap.String("env", string(env)), zap.Error(err))
		}
	} else {
		// If they don't specify --env, then --network and --bootstrap are required.
		if *p2pNetworkID == "" {
			logger.Fatal(`If "--env" is not specified, "--network" must be specified`)
		}
		if *p2pBootstrap == "" {
			logger.Fatal(`If "--env" is not specified, "--bootstrap" must be specified`)
		}
	}

	nodeKey := *configDir + "/" + *nodeKeyPath

	var err error
	var sk *ecdsa.PrivateKey
	if !*listenOnly {
		signerKey := *configDir + "/" + *signerKeyPath
		logger.Info("Loading signing key", zap.String("signingKeyPath", signerKey))
		sk, err = common.LoadArmoredKey(signerKey, CCQ_SERVER_SIGNING_KEY, true)
		if err != nil {
			logger.Fatal("failed to load guardian key", zap.Error(err))
		}
		logger.Info("Signing key loaded", zap.String("publicKey", ethCrypto.PubkeyToAddress(sk.PublicKey).Hex()))
	}

	// Load p2p private key
	var priv crypto.PrivKey
	priv, err = common.GetOrCreateNodeKey(logger, nodeKey)
	if err != nil {
		logger.Fatal("Failed to load node key", zap.Error(err))
	}

	// Manual p2p setup
	components := p2p.DefaultComponents()
	components.Port = uint(*p2pPort) // #nosec G115 -- TCP ports are 16 bit, so this conversion is safe
	bootstrapPeers := *p2pBootstrap
	networkID := *p2pNetworkID + "/ccq"

	h, err := p2p.NewHost(logger, ctx, networkID, bootstrapPeers, components, priv)
	if err != nil {
		panic(err)
	}

	topic_req := fmt.Sprintf("%s/%s", networkID, "ccq_req")
	topic_resp := fmt.Sprintf("%s/%s", networkID, "ccq_resp")

	logger.Info("Subscribing pubsub topic", zap.String("topic_req", topic_req), zap.String("topic_resp", topic_resp))
	ps, err := pubsub.NewGossipSub(ctx, h)
	if err != nil {
		panic(err)
	}

	th_req, err := ps.Join(topic_req)
	if err != nil {
		logger.Panic("failed to join request topic", zap.String("topic_req", topic_req), zap.Error(err))
	}

	th_resp, err := ps.Join(topic_resp)
	if err != nil {
		logger.Panic("failed to join response topic", zap.String("topic_resp", topic_resp), zap.Error(err))
	}

	sub, err := th_resp.Subscribe()
	if err != nil {
		logger.Panic("failed to subscribe to response topic", zap.Error(err))
	}

	logger.Info("Test started", zap.String("peer_id", h.ID().String()),
		zap.String("addrs", fmt.Sprintf("%v", h.Addrs())))

	// Wait for peers
	logger.Info("Waiting for peers")
	for len(th_req.ListPeers()) < 1 {
		time.Sleep(time.Millisecond * 100)
	}
	logger.Info("Got peers", zap.Int("numPeers", len(th_req.ListPeers())))

	// Handle SIGTERM
	sigterm := make(chan os.Signal, 1)
	signal.Notify(sigterm, syscall.SIGTERM)
	signal.Notify(sigterm, syscall.SIGINT)
	go func() {
		<-sigterm
		logger.Info("Received sigterm. exiting.")
		cancel()
	}()

	//
	// END SETUP
	//

	if *listenOnly {
		listenForMessages(ctx, logger, sub)
	} else {
		wethAbi, err := abi.JSON(strings.NewReader("[{\"constant\":true,\"inputs\":[],\"name\":\"name\",\"outputs\":[{\"name\":\"\",\"type\":\"string\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"},{\"constant\":true,\"inputs\":[],\"name\":\"totalSupply\",\"outputs\":[{\"name\":\"\",\"type\":\"uint256\"}],\"payable\":false,\"stateMutability\":\"view\",\"type\":\"function\"}]"))
		if err != nil {
			panic(err)
		}

		methods := []string{"name", "totalSupply"}
		callData := []*query.EthCallData{}
		to, _ := hex.DecodeString("C02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2")

		for _, method := range methods {
			data, err := wethAbi.Pack(method)
			if err != nil {
				panic(err)
			}

			callData = append(callData, &query.EthCallData{
				To:   to,
				Data: data,
			})
		}

		// Fetch the latest block number
		//url := "https://localhost:8545"
		url := "https://rpc.ankr.com/eth"
		logger.Info("Querying for latest block height", zap.String("url", url))
		blockNum, err := utils.FetchLatestBlockNumberFromUrl(ctx, url)
		if err != nil {
			logger.Fatal("Failed to fetch latest block number", zap.Error(err))
		}

		logger.Info("latest block", zap.String("num", blockNum.String()), zap.String("encoded", hexutil.EncodeBig(blockNum)))

		// block := "0x28d9630"
		// block := "latest"
		// block := "0x9999bac44d09a7f69ee7941819b0a19c59ccb1969640cc513be09ef95ed2d8e2"

		// Start of query creation...
		callRequest := &query.EthCallQueryRequest{
			BlockId:  hexutil.EncodeBig(blockNum),
			CallData: callData,
		}

		// Send 2 individual requests for the same thing but 5 blocks apart
		// First request...
		logger.Info("calling sendQueryAndGetRsp for ", zap.String("blockNum", blockNum.String()), zap.String("publicKey", ethCrypto.PubkeyToAddress(sk.PublicKey).Hex()))
		queryRequest := createQueryRequest(callRequest)
		sendQueryAndGetRsp(queryRequest, sk, th_req, ctx, logger, sub, wethAbi, methods)

		// This is just so that when I look at the output, it is easier for me. (Paul)
		logger.Info("sleeping for 5 seconds")
		time.Sleep(time.Second * 5)
	}

	// Cleanly shutdown
	// Without this the same host won't properly discover peers until some timeout
	sub.Cancel()
	if err := th_req.Close(); err != nil {
		logger.Fatal("Error closing the request topic", zap.Error(err))
	}
	if err := th_resp.Close(); err != nil {
		logger.Fatal("Error closing the response topic", zap.Error(err))
	}
	if err := h.Close(); err != nil {
		logger.Fatal("Error closing the host", zap.Error(err))
	}

	//
	// END SHUTDOWN
	//

	logger.Info("Success! Test passed!")
}

const (
	CCQ_SERVER_SIGNING_KEY = "CCQ SERVER SIGNING KEY"
)

func createQueryRequest(callRequest *query.EthCallQueryRequest) *query.QueryRequest {
	nonce, err := random.Uint32()
	if err != nil {
		panic(err)
	}
	queryRequest := &query.QueryRequest{
		Nonce: nonce,
		PerChainQueries: []*query.PerChainQueryRequest{
			{
				ChainId: 2,
				Query:   callRequest,
			},
		},
	}
	return queryRequest
}

func sendQueryAndGetRsp(queryRequest *query.QueryRequest, sk *ecdsa.PrivateKey, th *pubsub.Topic, ctx context.Context, logger *zap.Logger, sub *pubsub.Subscription, wethAbi abi.ABI, methods []string) {
	queryRequestBytes, err := queryRequest.Marshal()
	if err != nil {
		panic(err)
	}
	numQueries := len(queryRequest.PerChainQueries)

	// Sign the query request using our private key.
	digest := query.QueryRequestDigest(common.MainNet, queryRequestBytes)
	sig, err := ethCrypto.Sign(digest.Bytes(), sk)
	if err != nil {
		panic(err)
	}

	signedQueryRequest := &gossipv1.SignedQueryRequest{
		QueryRequest: queryRequestBytes,
		Signature:    sig,
	}

	msg := gossipv1.GossipMessage{
		Message: &gossipv1.GossipMessage_SignedQueryRequest{
			SignedQueryRequest: signedQueryRequest,
		},
	}

	b, err := proto.Marshal(&msg)
	if err != nil {
		panic(err)
	}

	err = th.Publish(ctx, b)
	if err != nil {
		panic(err)
	}

	logger.Info("Waiting for message...")
	// TODO: max wait time
	// TODO: accumulate signatures to reach quorum
	for {
		envelope, err := sub.Next(ctx)
		if err != nil {
			logger.Panic("failed to receive pubsub message", zap.Error(err))
		}
		var msg gossipv1.GossipMessage
		err = proto.Unmarshal(envelope.Data, &msg)
		if err != nil {
			logger.Info("received invalid message",
				zap.Binary("data", envelope.Data),
				zap.String("from", envelope.GetFrom().String()))
			continue
		}
		var isMatchingResponse bool
		switch m := msg.Message.(type) {
		case *gossipv1.GossipMessage_SignedQueryResponse:
			if *targetPeerId != "" && envelope.GetFrom().String() != *targetPeerId {
				continue
			}
			logger.Info("query response received",
				zap.String("from", envelope.GetFrom().String()),
				zap.Any("response", m.SignedQueryResponse),
				zap.String("responseBytes", hexutil.Encode(m.SignedQueryResponse.QueryResponse)),
				zap.String("sigBytes", hexutil.Encode(m.SignedQueryResponse.Signature)))
			var response query.QueryResponsePublication
			err := response.Unmarshal(m.SignedQueryResponse.QueryResponse)
			if err != nil {
				logger.Warn("failed to unmarshal response", zap.Error(err))
				break
			}
			if bytes.Equal(response.Request.QueryRequest, queryRequestBytes) && bytes.Equal(response.Request.Signature, sig) {
				// TODO: verify response signature
				isMatchingResponse = true

				if len(response.PerChainResponses) != numQueries {
					logger.Warn("unexpected number of per chain query responses", zap.Int("expectedNum", numQueries), zap.Int("actualNum", len(response.PerChainResponses)))
					break
				}
				// Do double loop over responses
				for index := range response.PerChainResponses {
					logger.Info("per chain query response index", zap.Int("index", index))

					var localCallData []*query.EthCallData
					switch ecq := queryRequest.PerChainQueries[index].Query.(type) {
					case *query.EthCallQueryRequest:
						localCallData = ecq.CallData
					default:
						panic("unsupported query type")
					}

					var localResp *query.EthCallQueryResponse
					switch ecq := response.PerChainResponses[index].Response.(type) {
					case *query.EthCallQueryResponse:
						localResp = ecq
					default:
						panic("unsupported query type")
					}

					if len(localResp.Results) != len(localCallData) {
						logger.Warn("unexpected number of results", zap.Int("expectedNum", len(localCallData)), zap.Int("expectedNum", len(localResp.Results)))
						break
					}

					for idx, resp := range localResp.Results {
						result, err := wethAbi.Methods[methods[idx]].Outputs.Unpack(resp)
						if err != nil {
							logger.Warn("failed to unpack result", zap.Error(err))
							break
						}

						resultStr := hexutil.Encode(resp)
						logger.Info("found matching response", zap.Int("idx", idx), zap.Uint64("number", localResp.BlockNumber), zap.String("hash", localResp.Hash.String()), zap.String("time", localResp.Time.String()), zap.String("method", methods[idx]), zap.Any("resultDecoded", result), zap.String("resultStr", resultStr))
					}
				}
			}
		default:
			continue
		}
		if isMatchingResponse {
			break
		}
	}
}

func listenForMessages(ctx context.Context, logger *zap.Logger, sub *pubsub.Subscription) {
	if *targetPeerId == "" {
		logger.Info("Will not publish, only listening for messages from all peers...")
	} else {
		logger.Info("Will not publish, only listening for messages from a single peer...", zap.String("peerID", *targetPeerId))
	}
	for {
		envelope, err := sub.Next(ctx)
		if err != nil {
			logger.Panic("failed to receive pubsub message", zap.Error(err))
		}
		var msg gossipv1.GossipMessage
		err = proto.Unmarshal(envelope.Data, &msg)
		if err != nil {
			logger.Info("received invalid message",
				zap.Binary("data", envelope.Data),
				zap.String("from", envelope.GetFrom().String()))
			continue
		}
		switch m := msg.Message.(type) {
		case *gossipv1.GossipMessage_SignedQueryResponse:
			if *targetPeerId != "" && envelope.GetFrom().String() != *targetPeerId {
				continue
			}
			logger.Info("query response received",
				zap.String("from", envelope.GetFrom().String()),
				zap.Any("response", m.SignedQueryResponse),
				zap.String("responseBytes", hexutil.Encode(m.SignedQueryResponse.QueryResponse)),
				zap.String("sigBytes", hexutil.Encode(m.SignedQueryResponse.Signature)))
		default:
			continue
		}
	}
}
